
Commit c1f6e51

vkrot-cellChromium LUCI CQ
authored andcommitted
[Extensions] WebRequest SecurityInfo in web sockets
This CL adds logic to proxy web socket to obtain ssl info from there. This follows previous CL - https://chromium-review.googlesource.com/c/chromium/src/+/7166297/1 Proposal: w3c/webextensions#899 Bug: 458045659 Change-Id: Id0773cee906ee5c145faae642b5de71f40e087f3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7165511 Reviewed-by: Finnur Thorarinsson <finnur@chromium.org> Commit-Queue: Vlad Krot <vkrot@google.com> Cr-Commit-Position: refs/heads/main@{#1553911}
1 parent 13d2ce6 commit c1f6e51


6 files changed

+81
-6
lines changed


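--- a/chrome/browser/extensions/api/web_request/web_request_apitest.cc
+++ b/chrome/browser/extensions/api/web_request/web_request_apitest.cc
@@ -8390,6 +8390,8 @@ IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest, SecurityInfo_Secure) {
 embedded_test_server()->GetURL("/simple.html"));
 }
 
+// Tests that fetch('http://') results in web request listener
+// getting SecurityInfo with state='insecure' and all other fields not set.
 IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest, SecurityInfo_Insecure) {
 ASSERT_TRUE(StartEmbeddedTestServer());
 
@@ -8421,6 +8423,43 @@ IN_PROC_BROWSER_TEST_F(SecurityInfoBrokenWebRequestApiTest,
 embedded_test_server()->GetURL("/simple.html"));
 }
 
+IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest,
+SecurityInfo_WebSocket_Secure) {
+ASSERT_TRUE(StartEmbeddedTestServer());
+
+InitWebSocketHttpsServer();
+ASSERT_TRUE(StartWebSocketServer());
+
+RunSecurityInfoTest("secure", /*use_web_socket=*/true,
+GetWebSocketServer().GetCertificate(),
+GetWebSocketServer().GetURL("/echo-with-no-extension"));
+}
+
+// Tests that new Websocket('ws://') results in web request listener
+// getting SecurityInfo with state='insecure' and all other fields not set.
+IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest,
+SecurityInfo_WebSocket_Insecure) {
+ASSERT_TRUE(StartEmbeddedTestServer());
+ASSERT_TRUE(StartWebSocketServer());
+
+RunSecurityInfoInsecureTest(
+/*use_web_socket=*/true,
+GetWebSocketServer().GetURL("/echo-with-no-extension"));
+}
+
+IN_PROC_BROWSER_TEST_F(SecurityInfoBrokenWebRequestApiTest,
+SecurityInfo_WebSocket_Broken) {
+ASSERT_TRUE(StartEmbeddedTestServer());
+
+InitWebSocketHttpsServer(
+net::test_server::EmbeddedTestServer::ServerCertificate::CERT_EXPIRED);
+ASSERT_TRUE(StartWebSocketServer());
+
+RunSecurityInfoTest("broken", /*use_web_socket=*/true,
+GetWebSocketServer().GetCertificate(),
+GetWebSocketServer().GetURL("/echo-with-no-extension"));
+}
+
 #endif // BUILDFLAG(ENABLE_EXTENSIONS)
 
 } // namespace extensions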
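Review bot: SecurityInfo_WebSocket_Secure and SecurityInfo_WebSocket_Broken are added without a leading comment, while SecurityInfo_WebSocket_Insecure between them has one, so the expected state for the two TLS cases has to be read out of the first argument to RunSecurityInfoTest. I would add `// Tests that new WebSocket('wss://') results in web request listener getting SecurityInfo with state='secure'.` above the first, and the matching `state='broken'` comment, naming the CERT_EXPIRED server certificate, above the last. The existing comment also spells the constructor `Websocket`; `WebSocket` is the API name. RunSecurityInfoTest and RunSecurityInfoInsecureTest are defined outside the hunks, so what they assert beyond the state string and the certificate argument is not visible here.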

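--- a/chrome/browser/extensions/extension_apitest.cc
+++ b/chrome/browser/extensions/extension_apitest.cc
@@ -268,6 +268,16 @@ net::EmbeddedTestServer& ExtensionApiTest::GetWebSocketServer() {
 return *websocket_server_;
 }
 
+void ExtensionApiTest::InitWebSocketHttpsServer(
+net::test_server::EmbeddedTestServer::ServerCertificate
+server_certificate) {
+CHECK(!websocket_server_);
+websocket_server_ = std::make_unique<net::test_server::EmbeddedTestServer>(
+net::test_server::EmbeddedTestServer::Type::TYPE_HTTPS);
+websocket_server_->SetSSLConfig(server_certificate);
+net::test_server::InstallDefaultWebSocketHandlers(websocket_server_.get());
+}
+
 bool ExtensionApiTest::StartWebSocketServer(
 bool enable_basic_auth) {
 // Initialize `websocket_server_`, if needed.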

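--- a/chrome/browser/extensions/extension_apitest.h
+++ b/chrome/browser/extensions/extension_apitest.h
@@ -126,6 +126,13 @@ class ExtensionApiTest : public ExtensionBrowserTest {
 // the server before it has started.
 net::test_server::EmbeddedTestServer& GetWebSocketServer();
 
+// Initializes web_socket that is returned by `GetWebSocketServer` function
+// to serve endpoints via secure wss protocol.
+void InitWebSocketHttpsServer(
+net::test_server::EmbeddedTestServer::ServerCertificate
+server_certificate =
+net::test_server::EmbeddedTestServer::ServerCertificate::CERT_OK);
+
 // Start the test WebSocket server, and store details of its state. Those
 // details will be available to javascript tests using
 // chrome.test.getConfig(). Enable HTTP basic authentication if needed.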
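Review bot: The new comment on InitWebSocketHttpsServer does not state its ordering requirement: the definition in extension_apitest.cc begins with `CHECK(!websocket_server_)`, so the call has to happen before anything else creates the server. I would word the comment as `// Creates the server returned by GetWebSocketServer() as an HTTPS server so that it serves wss:// endpoints. Must be called before StartWebSocketServer() creates the server.` and add that `server_certificate` selects the certificate the server presents. Whether GetWebSocketServer() can itself create the server is not visible in these hunks, so the precondition may need to name it as well.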

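--- a/extensions/browser/api/web_request/web_request_api.cc
+++ b/extensions/browser/api/web_request/web_request_api.cc
@@ -630,10 +630,13 @@ void WebRequestAPI::ProxyWebSocket(
 const bool has_extra_headers =
 WebRequestEventRouter::Get(browser_context)
 ->HasAnyExtraHeadersListener(browser_context);
+const bool has_security_info =
+WebRequestEventRouter::Get(browser_context)
+->HasAnySecurityInfoListener(browser_context);
 
 WebRequestProxyingWebSocket::StartProxying(
 std::move(factory), url, site_for_cookies, user_agent,
-std::move(handshake_client), has_extra_headers,
+std::move(handshake_client), has_extra_headers, has_security_info,
 frame->GetProcess()->GetDeprecatedID(), frame->GetRoutingID(),
 &request_id_generator_, frame->GetLastCommittedOrigin(),
 frame->GetProcess()->GetBrowserContext(), proxies_.get());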
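Review bot: The added `has_security_info` lookup repeats the `WebRequestEventRouter::Get(browser_context)` call that the `has_extra_headers` lines directly above already make; fetching the router once with `auto* router = WebRequestEventRouter::Get(browser_context);` and querying both flags on it would read more clearly. Both flags are computed once here and passed into StartProxying by value, so they describe the listeners present when the socket is proxied; a one-line comment saying so would help the next reader. ProxyWebSocket's body starts and ends outside the hunk.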

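--- a/extensions/browser/api/web_request/web_request_proxying_websocket.cc
+++ b/extensions/browser/api/web_request/web_request_proxying_websocket.cc
@@ -63,6 +63,7 @@ WebRequestProxyingWebSocket::WebRequestProxyingWebSocket(
 mojo::PendingRemote<network::mojom::WebSocketHandshakeClient>
 handshake_client,
 bool has_extra_headers,
+bool has_security_info,
 int process_id,
 int render_frame_id,
 content::BrowserContext* browser_context,
@@ -74,6 +75,7 @@ WebRequestProxyingWebSocket::WebRequestProxyingWebSocket(
 request_headers_(request.headers),
 response_(network::mojom::URLResponseHead::New()),
 has_extra_headers_(has_extra_headers),
+has_security_info_(has_security_info),
 info_(WebRequestInfoInitParams(
 request_id_generator->Generate(IPC::mojom::kRoutingIdNone, 0),
 process_id,
@@ -114,7 +116,7 @@ void WebRequestProxyingWebSocket::Start() {
 // OnBeforeSendHeaders and OnSendHeaders will be handled there. Otherwise,
 // send these events before the request starts.
 base::RepeatingCallback<void(int)> continuation;
-if (has_extra_headers_) {
+if (has_extra_headers_ || has_security_info_) {
 continuation = base::BindRepeating(
 &WebRequestProxyingWebSocket::ContinueToStartRequest,
 weak_factory_.GetWeakPtr());
@@ -124,6 +126,9 @@ void WebRequestProxyingWebSocket::Start() {
 weak_factory_.GetWeakPtr());
 }
 
+WebRequestEventRouter::Get(browser_context_)
+->HasSecurityInfoListenerForRequest(browser_context_, &info_);
+
 // TODO(yhirano): Consider having throttling here (probably with aligned with
 // WebRequestProxyingURLLoaderFactory).
 bool should_collapse_initiator = false;
@@ -205,7 +210,7 @@ void WebRequestProxyingWebSocket::OnConnectionEstablished(
 
 response_->remote_endpoint = handshake_response_->remote_endpoint;
 
-// response_->headers will be set in OnBeforeSendHeaders if
+// response_->headers will be set in OnHeadersReceived if
 // |receiver_as_header_client_| is set.
 if (receiver_as_header_client_.is_bound()) {
 ContinueToCompleted();
@@ -298,7 +303,14 @@ void WebRequestProxyingWebSocket::OnHeadersReceived(
 OnHeadersReceivedCallback callback) {
 DCHECK(receiver_as_header_client_.is_bound());
 
+if (has_security_info_ &&
+WebRequestEventRouter::Get(browser_context_)
+->HasSecurityInfoListenerForRequest(browser_context_, &info_)) {
+info_.AddSslInfo(ssl_info);
+}
+
 on_headers_received_callback_ = std::move(callback);
+
 response_->headers = base::MakeRefCounted<net::HttpResponseHeaders>(headers);
 
 ContinueToHeadersReceived();
@@ -317,6 +329,7 @@ void WebRequestProxyingWebSocket::StartProxying(
 mojo::PendingRemote<network::mojom::WebSocketHandshakeClient>
 handshake_client,
 bool has_extra_headers,
+bool has_security_info,
 int process_id,
 int render_frame_id,
 WebRequestAPI::RequestIDGenerator* request_id_generator,
@@ -334,8 +347,8 @@ void WebRequestProxyingWebSocket::StartProxying(
 
 auto proxy = std::make_unique<WebRequestProxyingWebSocket>(
 std::move(factory), request, std::move(handshake_client),
-has_extra_headers, process_id, render_frame_id, browser_context,
-request_id_generator, proxies);
+has_extra_headers, has_security_info, process_id, render_frame_id,
+browser_context, request_id_generator, proxies);
 
 auto* raw_proxy = proxy.get();
 proxies->AddProxy(std::move(proxy));
@@ -420,7 +433,7 @@ void WebRequestProxyingWebSocket::ContinueToStartRequest(int error_code) {
 
 mojo::PendingRemote<network::mojom::TrustedHeaderClient>
 trusted_header_client = mojo::NullRemote();
-if (has_extra_headers_) {
+if (has_extra_headers_ || has_security_info_) {
 trusted_header_client =
 receiver_as_header_client_.BindNewPipeAndPassRemote();
 }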
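Review bot: In Start(), the added statement `WebRequestEventRouter::Get(browser_context_)->HasSecurityInfoListenerForRequest(browser_context_, &info_);` discards its result, so as written it either does nothing or is relied on for a side effect the code does not explain. If it is a leftover it should be deleted; if the call is needed before the first event is dispatched, a comment such as `// Result intentionally unused: <reason the call is needed here>` should say why. The same predicate gates `info_.AddSslInfo(ssl_info)` in OnHeadersReceived, which appears to be where the connection's TLS details are attached for listeners, so it matters which of the two calls is authoritative. The condition `has_extra_headers_ || has_security_info_` now appears in both Start() and ContinueToStartRequest(); a private helper such as `bool UsesHeaderClient() const` would keep the two in step. The bodies of these functions continue outside their hunks.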

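--- a/extensions/browser/api/web_request/web_request_proxying_websocket.h
+++ b/extensions/browser/api/web_request/web_request_proxying_websocket.h
@@ -53,6 +53,7 @@ class WebRequestProxyingWebSocket
 mojo::PendingRemote<network::mojom::WebSocketHandshakeClient>
 handshake_client,
 bool has_extra_headers,
+bool has_security_info,
 int process_id,
 int render_frame_id,
 content::BrowserContext* browser_context,
@@ -103,6 +104,7 @@ class WebRequestProxyingWebSocket
 mojo::PendingRemote<network::mojom::WebSocketHandshakeClient>
 handshake_client,
 bool has_extra_headers,
+bool has_security_info,
 int process_id,
 int render_frame_id,
 WebRequestAPI::RequestIDGenerator* request_id_generator,
@@ -160,6 +162,7 @@ class WebRequestProxyingWebSocket
 GURL redirect_url_;
 bool is_done_ = false;
 bool has_extra_headers_;
+bool has_security_info_;
 mojo::PendingRemote<network::mojom::WebSocket> websocket_;
 mojo::PendingReceiver<network::mojom::WebSocketClient> client_receiver_;
 network::mojom::WebSocketHandshakeResponsePtr handshake_response_ = nullptr;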
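Review bot: `has_security_info_` is added without a comment, and in both the constructor and StartProxying the new `bool has_security_info` sits directly after `bool has_extra_headers`, where two swapped arguments would still compile. Judging by the other files in this commit, the flag is set from HasAnySecurityInfoListener() when the socket is proxied and decides whether the trusted header client is bound, so I would document the member with `// True if a webRequest listener asked for securityInfo when this proxy was created; forces use of the trusted header client.` and keep the `/*has_security_info=*/` style of argument comment at call sites that pass literals. The class definition starts and ends outside these hunks.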
